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Question: 1 


Multiple teams are sharing a tenancy in Oracle Cloud Infrastructure (OCI). You are asked to figure out 
an appropriate method to manage OC1 costs. 
NOT a valid technique to accurately attribute costs to resources used by each team? 


A. Create separate compartment for each team. Use the OCI cost analysis tools to filter costs by 
compartments. 

B. Create a Cost-Tracking tag. Apply this tag to all resources with team Information. Use the OCI cost 
analysis tools to filter costs by tags. 

C. Create an Identity and Access Management (IAM) group for each team. Create an OCI budget for 
each group to track spending. 

D. Define and use tags for resources used by each team. Analyze usage data from the OCI Usage 
Report which has detailed Information about resources and tags. 


Answer: C 


Explanation: 

Budgets are set on cost-tracking tags or on compartments (including the root compartment) to track 
all spending in that cost-tracking tag or for that compartment and its children. 

Using Cost-Tracking Tags 

You can use cost-tracking tags to help manage costs in your tenancy. Use cost-tracking tags to do any 
of the following: 

- Filter projected costs 

- Set budgets 

You can only use cost-tracking tag with defined tags. You cannot specify free-form tags as cost- 
tracking tags. 

You can set email alerts on your budgets. You can set alerts that are based on a percentage of your 
budget or an absolute amount, and on your actual spending or your forecast spending. 


Question: 2 


An organization wants to extend their existing on-premises data centers to the Oracle Cloud 
Infrastructure (OC1) us-phoenix-1 region. In order to achieve It, they have created an IPSec VPN 
connection between their Customer-Premises Equipment(CPE) and Dynamic Routing Gateway(DRG) 
on 

How can you make this connection highly available (HA)? 


A. Add another Dynamic Routing gateway In a different Availability Domain and create another IPSec 


VPN connection. 
B. Add another Customer-Premises Equipment (CPE) and create second IPSec VPN connection with 
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the same Dynamic Routing Gateway (DRG). 

C. Create a NAT Gateway and route all traffic through a NAT Gateway, which is highly available 
component. 

D. Add another Dynamic Routing Gateway in a different Availability Domain, and create another 
IPSec VPN connection with another Customer Premises Equipment (CPE). 


Answer: B 


Explanation: 
IPSec VPN Best Practices 


Configure all tunnels for every IPSec connection: Oracle deploys multiple IPSec headends for all your 
connections to provide high availability for your mission-critical workloads. Configuring all the 
available tunnels is a key part of the "Design for Failure" philosophy. (Exception: Cisco ASA policy- 


based configuration, which uses a single tunnel.) 

Have redundant CPEs in your on-premises locations: Each of your sites that connects with IPSec to 
Oracle Cloud Infrastructure should have redundant CPE devices. You add each CPE to the Oracle 
Cloud Infrastructure Console and create a separate IPSec connection between your dynamic routing 
gateway (DRG) and each CPE. For each IPSec connection, Oracle provisions two tunnels on 
geographically redundant IPSec headends. Oracle may use any tunnel that is "up" to send traffic back 
to your on-premises network. For more information, see Routing for the Oracle IPSec VPN. 

Consider backup aggregate routes: If you have multiple sites connected via IPSec VPNs to Oracle 
Cloud Infrastructure, and those sites are connected to your on-premises backbone routers, consider 
configuring your IPSec connection routes with both the local site aggregate route as well as a default 
route. 

Note that the DRG routes learned from the IPSec connections are only used by traffic you route from 
your VCN to your DRG. The default route will only be used by traffic sent to your DRG whose 
destination IP address does not match the more specific routes of any of your tunnels. 

The following figure shows the basic layout of the IPSec VPN connection. 
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Question: 3 


You need to set up daily Incremental backups of your database In Oracle Cloud Infrastructure (OCI) 
Database Service. The backups need to be retained for at least 50 days. 

Which of the following method allows you do accomplish this Is an efficient and cost effective 
manner? 


A. Enable automatic backups and choose the preset retention period of 60 days. 
B. Enable automatic backups and set the retention period to 50 days. 
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C. Set up a cron job with OCI Database Service CreateBackuP API call to take periodic full-backups to 
OCI Object Store. Delete backups older than 50 days. 

D. Use Recovery Manager (RMAN) to take backups to an OCI Object Store bucket. Delete backups 
older than 50 days. 


Answer: A 


Explanation: 

When you enable the Automatic Backup feature, the service creates daily incremental backups of the 
database to Object Storage. The first backup created is a level O backup. Then, level 1 backups are 
created every day until the next weekend. Every weekend, the cycle repeats, starting with a new 
level 0 backup. 

Backup Retention 

If you choose to enable automatic backups, you can choose one of the following preset retention 
periods: 7 days, 15 days, 30 days, 45 days, or 60 days. The system automatically deletes your 
incremental backups at the end of your chosen retention period. 
https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/backingupOSrman.htm 

Also, you can u se Recovery Manager (RMAN) to manage backups of your Bare Metal or Virtual 
Machine DB system database to your own Object Storage 
https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/backingupOSrman.htm 


Question: 4 


You have the following compartment structure within your company's Oracle Cloud Infrastructure 
(OCI) tenancy: 
COMPARTMENT 


(root) xs 


= (root) 


= CompartmentA 
3 CompartmentB 
ComparimentC 


You want to create a policy in the root compartment to allow SystemAdmins to manage VCNs only In 
CompartmentC. 
Which policy is correct? 


A. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentC 

B. Allow group SystemAdmins to manage virtual-network-family in compartment 
CompartmentB:CompartmentC 

C. Allow group SystemAdmins to manage virtual-network-family in compartment 
CompartmentA:CompartmentB:CompartmentC 

D. Allow group SystemAdmins to manage virtual-network-family in compartment Root 


Answer: C 
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Explanation: 

a policy statement must specify the compartment for which access is being granted (or the tenancy). 
Where you create the policy determines who can update the policy. If you attach the policy to the 
compartment or its parent, you can simply specify the compartment name. If you attach the policy 
further up the hierarchy, you must specify the path. The format of the path is each compartment 
name (or OCID) in the path, separated by a colon: 
<compartment_level_1>:<compartment_level_2>:...<compartment_level_n> 

For example, assume you have a three-level compartment hierarchy, shown here: 


COMPARTMENT 


(root) 7 


& CompartmentA 
& CompartmentB 
CompartmentC 


You want to create a policy to allow NetworkAdmins to manage VCNs in Compartmentc. If you want 
to attach this policy to CompartmentC or to its parent, CompartmentB, write this policy statement: 
Allow group NewtworkAdmins to manage virtual-network-family in compartment CompartmentC 
However, if you want to attach this policy to CompartmentA (so that only administrators of 
CompartmentA can modify it), write this policy statement that specifies the path: 

Allow group NewtworkAdmins to manage  virtual-network-family in compartment 
CompartmentB:CompartmentC 

To attach this policy to the tenancy, write this policy statement that specifies the path from 
CompartmentA to Compartmentc: 

Allow group NewtworkAdmins to manage  virtual-network-family in compartment 
CompartmentA:CompartmentB:CompartmentC 


Question: 5 


You have received an email from your manager to provision new resources on Oracle Cloud 
Infrastructure (OCI). When researching OCI y detect that you should use OCI Resource Manager. 
Since this is a task that will be done multiple times for development, test, and production need to 
create a command that can be re-used. 

Which CLI command can be used In this situation? 

A) 
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oci resource-manager stack update --tenancy-id <tenancy OCID> \ 
--config-source prod.zip --variables file://variables.json \ 


--display-name “Production stack build” \ 
--description Creating new Production environment 


A. Option A 
B. Option B 
C. Option C 
D. Option D 


Answer: B 


Explanation: 

On Windows, be sure the .zip file and variables.json files are in the same directory from which you're 
running the CLI. The CLI currently has a limitation on Windows that prevents correct handling of the 
files if either one is in a subdirectory. 

Open a command prompt and run oci resource-manager stack create to create a stack: 

oci resource-manager stack create --compartment-id <compartment_OCID>  --config-source 
<config_file_name> --variables <var_file_path> --display-name "<friendly_name>"  --description 
"<description>" --working-directory "" 

https://docs.cloud.oracle.com/en- 


us/iaas/Content/ResourceManager/Tasks/managingstacksandjobs.htm#CreateStack 
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